const express = require('express');
const router = express.Router();
const AuthController = require('../controllers/authController');
const validate = require('../middleware/validationMiddleware');
const { registerSchema, loginSchema } = require('../utils/validator');
const { authenticateToken, checkRole } = require('../middleware/authMiddleware');

router.post('/register', validate(registerSchema), AuthController.register);
router.post('/login', validate(loginSchema), AuthController.login);

// 受保护的路由示例
router.get('/protected', authenticateToken, (req, res) => {
  res.json({ message: '受保护的路由', user: req.user });
});

// 需要管理员权限的路由示例
router.get('/admin', authenticateToken, checkRole(['admin', 'superadmin']), (req, res) => {
  res.json({ message: '管理员路由' });
});

module.exports = router;